Vivek Kundra’s legacy was to set in motion a deep change in the IT landscape for the Federal Government. The last few years saw many sceptics express doubts about the government moving to the cloud, but the rudder did turn and now its obvious how deep the Fed is in this turn, addressing the challenges of procurement (e.g. Apps.gov) Security and simplified accreditation (FedRAMP). However, a recent Presidential Memorandum on Managing Government Records that was released on November 28, 2011 sets a pretty significant hurdle for agencies that use public cloud providers to jump over, let alone comply with for internal systems. Specifically, these agencies are required to “managing electronic records, including email and social media, deploying cloud based services or storage solutions…supporting agency compliance with applicable legal requirements related to the preservation of information relevant to litigation”
Untangling that; basically preservation of records for litigation is pretty complex and is discussed in many publications. It is supported by the test of authenticity which results in whether the data carries sufficient evidential weight to be admissible see The Foundations of Digital Evidence and BS10008. As US Chief Magistrate Judge Paul W. Grimm (author of lorrain vs markel opinion paper) in his recent eDiscovery interview, suggests “rules that deal with whether it’s admissible or not must be addressed…If people weren’t aware of what they had to do to get this stuff into evidence during the discovery phase…they were potentially spending huge amounts of money only to be left wanting a trial because they couldn’t get it into evidence”.
Think about a simple case of a cloud provider who does somehow agree to provide data to support your e-Discovery requests but cannot prove the data´s authenticity. Brings to mind all those sunk costs invested to discover, retain and preserve the data, but with no forethought towards actually having to use it in court.
Author: Nadeem Bukhari